device: handle authentication retries using 802-1x.auth-retries setting

Since commit 4a6fd0e83ec0d83547b1f3a1a916f85e9f450d8c (device: honor the
connection.autoconnect-retries for 802.1X) and the related bug bgo#723084,
we reuse the autoconnect-retries setting to control the retry count
for requesting passwords.

I think that is wrong. These are two different settings, we should not
reuse the autoconnect retry counter while the device is still active.

For example, the user might wish to set autoconnect-retries to infinity
(zero). In that case, we would retry indefinitly to request a password.
That could be problematic, if there is a different issue with the
connection, that makes it appear tha the password is wrong.
A full re-activation might succeed, but we would never stop retrying
to authenticate. Instead, we should have two different settings for
retrying to authenticate and to autoconnect.

This is a change in behavior compared to 1.8.

1 files changed, 15 insertions, 7 deletions

diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index bb71cf6222..672ae3cd52 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -115,6 +115,8 @@ typedef struct _NMDeviceEthernetPrivate {
 	DcbWait       dcb_wait;
 	guint         dcb_timeout_id;
 
+	int           auth_retries;
+
 	bool          dcb_handle_carrier_changes:1;
 } NMDeviceEthernetPrivate;
 
@@ -260,14 +262,18 @@ device_state_changed (NMDevice *device,
                       NMDeviceState old_state,
                       NMDeviceStateReason reason)
 {
+	NMDeviceEthernetPrivate *priv;
+
 	if (new_state > NM_DEVICE_STATE_ACTIVATED)
 		wired_secrets_cancel (NM_DEVICE_ETHERNET (device));
 
 	if (NM_IN_SET (new_state,
 	               NM_DEVICE_STATE_ACTIVATED,
 	               NM_DEVICE_STATE_FAILED,
-	               NM_DEVICE_STATE_DISCONNECTED))
-		nm_device_autoconnect_retries_reset (device, NM_TYPE_SETTING_802_1X);
+	               NM_DEVICE_STATE_DISCONNECTED)) {
+		priv = NM_DEVICE_ETHERNET_GET_PRIVATE (NM_DEVICE_ETHERNET (device));
+		priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+	}
 }
 
 static void
@@ -278,6 +284,7 @@ nm_device_ethernet_init (NMDeviceEthernet *self)
 	priv = G_TYPE_INSTANCE_GET_PRIVATE (self, NM_TYPE_DEVICE_ETHERNET, NMDeviceEthernetPrivate);
 	self->_priv = priv;
 
+	priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
 	priv->s390_options = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
 }
 
@@ -664,20 +671,21 @@ handle_auth_or_fail (NMDeviceEthernet *self,
                      NMActRequest *req,
                      gboolean new_secrets)
 {
+	NMDeviceEthernetPrivate *priv;
 	const char *setting_name;
 	NMConnection *applied_connection;
-	NMSettingsConnection *settings_connection;
 
-	applied_connection = nm_act_request_get_applied_connection (req);
-	settings_connection = nm_act_request_get_settings_connection (req);
+	priv = NM_DEVICE_ETHERNET_GET_PRIVATE (self);
 
-	if (!nm_settings_connection_autoconnect_retries_try_next (settings_connection))
+	if (!nm_device_802_1x_auth_retries_try_next (NM_DEVICE (self),
+	                                             &priv->auth_retries))
 		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
 
 	nm_active_connection_clear_secrets (NM_ACTIVE_CONNECTION (req));
 
+	applied_connection = nm_act_request_get_applied_connection (req);
 	setting_name = nm_connection_need_secrets (applied_connection, NULL);
 	if (setting_name) {
 		wired_secrets_get_secrets (self, setting_name,
@@ -1336,7 +1344,7 @@ deactivate (NMDevice *device)
 	GError *error = NULL;
 
 	/* Clear wired secrets tries when deactivating */
-	nm_device_autoconnect_retries_reset (device, NM_TYPE_SETTING_802_1X);
+	priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
 
 	nm_clear_g_source (&priv->pppoe_wait_id);